Bitcoin Security and Cryptography: Reasons to Worry

Bitcoin has a toxic culture of never taking security and cryptography questions seriously. Being able to withstand expert criticism, champion best practices and anticipate the risks is crucial for any open source project.

Bitcoin developers are now developing a new library for secp256k1. This will make it even harder to convince them to migrate to a different curve, with potentially catastrophic consequences for our bitcoins.

In spite of benefiting from vast amounts of public discussion and voluntary security advice, bitcoin is not trying to improve.

Most of these attacks rely on bad random events in bitcoin, which have been in existence since 2012.

However, in late 2014 there was another massive outbreak of such events in the bitcoin blockchain.

These vulnerabilities could have been very easily fixed in bitcoin code by applying RFC 6979.

It was utterly irresponsible NOT to fix this vulnerability, known since January 2013. The fix was already applied by many companies such as Trezor, but not yet by the bitcoin core client. Why? A patch was apparently already submitted to the bitcoin code in January 2013, according to these slides, and it is still not applied by the bitcoin core software client.
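What applying RFC 6979 means in practice, as an added example that is not bitcoin core's or Trezor's code: the ECDSA nonce is derived from the private key and the message hash with HMAC-SHA-256, so signing no longer depends on the random number generator. The function name `rfc6979_nonce`, the sample key and messages, and the single SHA-256 message hash are assumptions made for illustration.

```python
import hashlib
import hmac

# Group order n of secp256k1, the curve bitcoin signs with.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def rfc6979_nonce(priv: int, message: bytes, q: int = SECP256K1_N) -> int:
    """Derive the ECDSA nonce k as in RFC 6979 section 3.2 (HMAC-SHA-256).

    Assumption: q is a 256-bit group order, so qlen == hlen and bits2int
    needs no truncation. The message is hashed once with SHA-256 here.
    """
    if q.bit_length() != 256:
        raise ValueError("this sketch only handles 256-bit group orders")
    if not 1 <= priv < q:
        raise ValueError("private key out of range")
    h1 = hashlib.sha256(message).digest()
    x = priv.to_bytes(32, "big")                              # int2octets(x)
    h = (int.from_bytes(h1, "big") % q).to_bytes(32, "big")   # bits2octets(h1)
    v = b"\x01" * 32                                          # step b
    k = b"\x00" * 32                                          # step c
    k = _mac(k, v + b"\x00" + x + h)                          # step d
    v = _mac(k, v)                                            # step e
    k = _mac(k, v + b"\x01" + x + h)                          # step f
    v = _mac(k, v)                                            # step g
    while True:                                               # step h
        v = _mac(k, v)
        candidate = int.from_bytes(v, "big")
        if 1 <= candidate < q:
            return candidate
        # Candidate out of range: update K and V, then try again.
        k = _mac(k, v + b"\x00")
        v = _mac(k, v)


if __name__ == "__main__":
    key = 0x1D  # constructed sample private key, not a real one
    for msg in (b"constructed tx A", b"constructed tx B"):
        print(msg.decode(), hex(rfc6979_nonce(key, msg)))
```

The same key and message always yield the same nonce, while a different message or key yields a different one, which is the property that removes the dependence on signing-time randomness.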

We can also remark that the bitcoin core client relies on OpenSSL for random number generation. It is difficult to imagine worse.

Not trying to do the job correctly, with a strict minimum of diligence and applying best practices, is what probably makes today’s bitcoin more likely to be considered as a pump and dump investment scheme.

Other cryptocurrencies, though smaller than bitcoin, seem to do much better:

For example, Stellar has a head of the Secure Computer Systems Group at Stanford University on board, and they do care about security: they decided to go for a so-called “safe” elliptic curve, Curve25519.

Ethereum has two superstar cryptographers, Merkle and Koblitz, who are actually the people who invented the very cryptographic technology which underpins bitcoin.